pkwrite: add a safety check before calculating the buffer size

2024-11-22 22:35:43 +01:00 · 2018-11-19 18:09:59 -05:00 · 2018-11-19 18:09:59 -05:00 · 158c3d10d0
commit 158c3d10d0
parent 4b11407258
1 changed files with 6 additions and 1 deletions
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@ -167,8 +167,13 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
    {
-        size_t buffer_size = *p - start;
+        size_t buffer_size;
        psa_key_slot_t* key_slot = (psa_key_slot_t*) key->pk_ctx;
+
+        if ( *p < start )
+            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+        buffer_size = *p - start;
        if ( psa_export_public_key( *key_slot, start, buffer_size, &len )
             != PSA_SUCCESS )
        {